01-26-2009
if the employee knows what he is doing, you have no way to find out specific commands to a specific time
check the history file $HOME/.sh_history, if it has been deleted you can see if the employee is trying to hide something
if you delete a specific command from the .sh_history using vi, it's not possible to scroll back since the history file is a special file, check out for this
you can follow his IP-Adress using the "last" command from server to server and see where he was logged in, so you can say if he has been on this server or not
perhaps tell us what you expect he was doing, maybe there is another way
for the future, you can use sudosh, which shows the user input in realtime! you can play it like a movie, including backspace and so on, or put the following entries in /etc/profile, that is what we are doing:
export HISTFILE=/somedir/${LOGNAME}_`date "+%Y%m%d_%H%M%S"`
export HISTSIZE=2000000
the disadvantage of this is, that the user is able to delete this files
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Does anybody know how to force a user to automatically logoff a UNIX session if there is no keyboard activity for a period of time? We use COBOL and there is a BEFORE TIME option on the ACCEPT command, however, we do not want to change the many programs we have to detect this.
What we really... (3 Replies)
Discussion started by: MarkN
3 Replies
2. UNIX for Dummies Questions & Answers
Hi,
I have been asked if it is possible to track the last time a specific user logged in to the sysetm.
checked my documentation but can't see it there - google is not being very helpful either.
I wonder if someone here can help - it will be much appreciated.
Thanks
Suresh (1 Reply)
Discussion started by: sureshy
1 Replies
3. Shell Programming and Scripting
Hi there,
I'm looking for some help to get a little script done that shows me (or counts) only the added lines from an SVN repository of one specific user. Anybody has an idea?
Thanks, Michael (0 Replies)
Discussion started by: MichaelGiese
0 Replies
4. UNIX for Dummies Questions & Answers
What commands would you recommend in order to monitor things like when a user logs on to a server, assuming you know that user's name on the server? (2 Replies)
Discussion started by: Sotau
2 Replies
5. UNIX for Advanced & Expert Users
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (3 Replies)
Discussion started by: linuxadmin
3 Replies
6. UNIX for Dummies Questions & Answers
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (1 Reply)
Discussion started by: sriky86
1 Replies
7. Shell Programming and Scripting
Need some help in coming up to log all the activity that is used with our common "unix account".
Ideally I am looking for to log the activity in a "separate" file for each session or login until the user logout, I would like to capture the date/time and terminal login and record all the ... (3 Replies)
Discussion started by: rajmanna
3 Replies
8. UNIX for Dummies Questions & Answers
Hi All
Please can you help me with the following issue:
A certain vendor installed an application in which for a user to log in; the user must use a user created/predefined by the application. And because this application has more than one user its difficult to track who did what and when,... (6 Replies)
Discussion started by: fretagi
6 Replies
9. UNIX for Advanced & Expert Users
Hi All
We have a job which writes files to a server at a particular time. The files will be created by a particular user ID
Today, during the execution of the job, it created a file to the server and the file sat on the server for sometime, but was deleted immediately at the end of the... (4 Replies)
Discussion started by: sparks
4 Replies
LEARN ABOUT SUSE
tcl_recordandevalobj
Tcl_RecordAndEvalObj(3) Tcl Library Procedures Tcl_RecordAndEvalObj(3)
__________________________________________________________________________________________________________________________________________________
NAME
Tcl_RecordAndEvalObj - save command on history list before evaluating
SYNOPSIS
#include <tcl.h>
int
Tcl_RecordAndEvalObj(interp, cmdPtr, flags)
ARGUMENTS
Tcl_Interp *interp (in) Tcl interpreter in which to evaluate command.
Tcl_Obj *cmdPtr (in) Points to a Tcl object containing a command (or sequence of commands) to execute.
int flags (in) An OR'ed combination of flag bits. TCL_NO_EVAL means record the command but do not evaluate it.
TCL_EVAL_GLOBAL means evaluate the command at global level instead of the current stack level.
_________________________________________________________________
DESCRIPTION
Tcl_RecordAndEvalObj is invoked to record a command as an event on the history list and then execute it using Tcl_EvalObjEx (or Tcl_Global-
EvalObj if the TCL_EVAL_GLOBAL bit is set in flags). It returns a completion code such as TCL_OK just like Tcl_EvalObjEx, as well as a
result object containing additional information (a result value or error message) that can be retrieved using Tcl_GetObjResult. If you do
not want the command recorded on the history list then you should invoke Tcl_EvalObjEx instead of Tcl_RecordAndEvalObj. Normally
Tcl_RecordAndEvalObj is only called with top-level commands typed by the user, since the purpose of history is to allow the user to re-
issue recently invoked commands. If the flags argument contains the TCL_NO_EVAL bit then the command is recorded without being evaluated.
SEE ALSO
Tcl_EvalObjEx, Tcl_GetObjResult
KEYWORDS
command, event, execute, history, interpreter, object, record
Tcl 8.0 Tcl_RecordAndEvalObj(3)